These sorts of adversary-in-the-middle attacks have grown increasingly common. In 2022, for instance, a single group used it in a series of attacks that stole more than 10,000 credentials from 137 organizations, and led to the network compromise of authentication provider Twilio, among others. One company that was targeted in the attack campaign but wasn’t … Read more
A new phishing-as-a-service (PhaaS) kit known as “SessionShark” targets Microsoft Office 365 accounts and claims to enable multi-factor authentication (MFA) bypass while evading common detection methods, SlashNext reported in a blog post Thursday.SessionShark allegedly serves as an adversary-in-the-middle (AiTM) tool that intercepts login credentials and user session tokens, the latter of which can be used … Read more
The adoption rate of phishing-resistant forms of multi-factor authentication (MFA) such as WebAuthn hardware keys, device-based passkeys and Okta’s own FastPass nearly doubled in 2023, a study of Okta workplace users finds. But their overall usage rate is still very small. At the same time, the adoption rate of all forms of MFA, weak or … Read more
The UK’s cyber watchdog says that companies need to be more mindful with how they handle their multi-factor authentication. The National Cyber Security Centre (NCSC) said companies can no longer rely on MFA as a blanket solution to their network security woes. The problem, say experts, is that in many cases attackers are now able … Read more